
Diagnostic settings within Azure - Terraform

I want to set up auditing on a SQL database so I see server and database auditing like below:

[Image: enter image description here]

So this shows there is auditing on the SQL server and also the SQL db. I can do this quite easily in Terraform by pointing to /master and I can get the server auditing done, like this:

#---- Diagnostic Logging ----
resource "azurerm_monitor_diagnostic_setting" "main" {
  name                       = "Diagnostic Settings - Master"
  target_resource_id         = "${azurerm_mssql_server.main.id}/databases/master"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  log {
    category = "SQLSecurityAuditEvents"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }

  lifecycle {
    ignore_changes = [log, metric]
  }
}

And this section applies it to the /master db (server).

resource "azurerm_mssql_server_extended_auditing_policy" "main" {
  server_id              = azurerm_mssql_server.main.id
  log_monitoring_enabled = true
}

Although I need it on the server, I also need it on two databases which sit on the server. Any help with this, because I cannot seem to sort it.

There is no need to create a db level, but if you do require it then you can do this by changing this line to the name of your db.

 target_resource_id         = "${azurerm_mssql_server.main.id}/databases/master"

master points at your server level, but if you want a policy at the db level then change this to your db name.
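
Applied to the two databases from the question, as an added example that is not part of the original question or answer: one `for_each` drives both the database-level auditing policy and a diagnostic setting whose `target_resource_id` is each database's own ID. The database names `app` and `reporting`, the resource label `db` and the setting name prefix `sql-audit-` are assumptions; `azurerm_mssql_server.main` and `azurerm_log_analytics_workspace.main` are the resources from the question, and the `log` block syntax follows the question's provider version.

```hcl
# Added example. Database names below are hypothetical placeholders.
resource "azurerm_mssql_database" "db" {
  for_each  = toset(["app", "reporting"])
  name      = each.key
  server_id = azurerm_mssql_server.main.id
}

# Database-level auditing, routed to Azure Monitor like the server policy.
resource "azurerm_mssql_database_extended_auditing_policy" "db" {
  for_each               = azurerm_mssql_database.db
  database_id            = each.value.id
  log_monitoring_enabled = true
}

# One diagnostic setting per database. each.value.id has the form
# "<server id>/databases/<name>", the same shape as the /master target.
resource "azurerm_monitor_diagnostic_setting" "db" {
  for_each                   = azurerm_mssql_database.db
  name                       = "sql-audit-${each.key}"
  target_resource_id         = each.value.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.main.id

  log {
    category = "SQLSecurityAuditEvents"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }

  # Create the auditing policy first so audit events have a destination.
  depends_on = [azurerm_mssql_database_extended_auditing_policy.db]
}
```

The `lifecycle { ignore_changes = [log, metric] }` block from the question is left out here so that drift in the audit categories shows up in `terraform plan`.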
